(57) A method for securely storing a public key for
encryption of data in a computing device uses a user- 
specific key pair which is securely stored in the comput- 
ing device. A target public key corresponding to a target 
device is received and a user-specific key pair is ob- 
tained from a secure registry. A user-specific private key 
from the user-specific key pair is used to create a target 
key verifier based on the target public key. The target 
key verifier and the target public key are stored in a stor- 
age area. The target key verifier and the target public 
key are retrieved from the storage area and a user-spe- 
cific public key from the user-specific key pair is applied 
to the target key verifier to verify the authenticity of the 
target public key. In the case that the authenticity of the 
target public key is verified, the data is encrypted with 
the target public key, thereby creating encrypted data 
for transmission to the target device. 
Description

[0001] The present invention concerns secure print- 
ing by encrypting print data using a verified printer key, 
without the need for an external certificate authority. In 
particular, the invention concerns using a user-specific 
private key to create an encrypted key version of a 
stored printer public key. When the printer public key is 
subsequently needed for encryption of print data, the 
encrypted key version is decrypted using a user-specific 
public key and is then compared to the stored printer 
public key to verify that the stored printer public key was 
not changed or corrupted. 

[0002] U.S. Patent Application No. 09/411,070, entitled "Targeted Secure Printing", filed on October 4, 1999 (corresponding to EP-A-1091285), is incorporated herein by reference.

[0003] In computing environments, a print job gener- 
ated by a computer at one location in the network can 
be printed by an image output device at another loca- 
tion. For example, a personal computer (PC) may be 
connected to a printer at a distant location, or a work- 
station may be connected to a network on which many 
devices and workstations reside. If the print job includes 
confidential or otherwise sensitive information, it is pos- 
sible that there may be an unauthorized interception of 
the print job between the origin of the print job and the 
targeted printer. In particular, the print job may be inter- 
cepted by an unauthorized device connected to a local 
connection between an originating PC and the target 
printer, or by a device connected to the network on which 
an originating workstation and the target printer reside. 
Such an unauthorized device may be a PC or a work- 
station capable of utilizing network listening, trapping 
and interception tools. 

[0004] To avoid unwanted interception or retrieval of 
print jobs, it is known to use secure printing in which a 
public printer key is utilized to encrypt print data at the 
originating computer. In some applications, the public 
printer key may be used in conjunction with a symmetric 
key to encrypt the print data. The encrypted print data 
is sent to the target printer where the printer private key 
is used to decrypt the print data and to store it. The print- 
er private key is maintained in the printer in a secure 
fashion to ensure security of encrypted print data. It is 
preferable for a computing device to obtain the printer 
public key and store it, but the printer public key should 
be verified each time it is used to encrypt print data, to 
make sure that the printer public key has not been cor- 
rupted or tampered with. 

[0005] Certificate authorities are often used to facilitate the secure distribution and verification of public keys for encryption purposes. A certificate authority is a trusted party that can sign a unique public key for a developer or manufacturer, such as a printer manufacturer, for secure distribution to users. For example, a certificate authority can use its own private key to sign a printer public key from a printer manufacturer by placing the printer public key in a certificate for distribution, along with other information related to the source of the printer public key and the certificate authority, and then signing the entire certificate. Users can then access the certificate containing the signed printer public key for use. In such a case, the user obtains the certificate authority's own trusted public key (verification key) and uses it to verify that the signed printer public key is authentic. The printer public key can then be trusted by the user for encryption of the user's print data to be printed on the target printer containing the corresponding printer private key.

[0006] In many cases, it is not practical for a user wishing to use a public key for a device, such as a printer public key, to utilize a certificate from a certificate authority to verify the authenticity of the public key. For example, certificate authorities are known to change their verification key from time to time to maintain integrity of the certificates. Additionally, the certificates may expire or be revoked by the certificate authority. In order to ensure the integrity of the certificates, a certificate revocation list (CRL) must be checked before relying on the integrity of the certificates. Unfortunately, it takes time for a user to obtain the certificate authority's verification key every time a user wishes to use a particular public key for encryption purposes.

[0007] In addition, not every device necessarily uses a certificate authority for the distribution of the device's public key. Also, a user may be required to store and maintain numerous verification keys from corresponding certificate authorities for supporting different public keys needed by the user's applications. Lastly, certificates from certificate authorities often contain additional information besides a signed public key, and the processing of this additional information can result in greater processing overhead in verification of the signed public key.

[0008] Accordingly, what is needed is an arrangement for securely maintaining a public key on a computing device wherein the public key can be easily verified before each use without the need for a certificate or a certificate authority.

[0009] The invention addresses the foregoing need by obtaining a public key from a target device, such as a printer, and storing the public key. A user-specific private key from a user-specific key pair is used to create a target key verifier corresponding to the public key. In this regard, the target key verifier can be any one of several types of data objects for purposes of the present invention. For example, the target key verifier can be comprised of an encrypted public key, a digital signature of the public key, or another resultant data object resulting from the application of a security algorithm, such as DSS, to the public key. When the public key is subsequently needed for encryption purposes, the target key verifier is decrypted using a user-specific public key from the user-specific key pair and is then compared to the stored public key to verify that the stored public key has not been changed or corrupted.
[0010] Accordingly, one aspect of the present invention concerns securely storing a public key for encryption of data in a computing device by using a user-specific key pair which is securely stored in the computing device. In particular, a target public key corresponding to a target device is received, a user-specific key pair is obtained from a secure registry and a user-specific private key from the user-specific key pair is used to create a target key verifier based on the target public key. The target key verifier and the target public key are stored in a storage area. The target key verifier and the target public key are subsequently retrieved from the storage area. A user-specific public key from the user-specific key pair is applied to the target key verifier for verifying the authenticity of the target public key, and, in the case that the authenticity of the target public key is verified, data is encrypted with the target public key, thereby creating encrypted data for transmission to the target device.

[0011] Preferably, the user-specific key-pair is gener- 
ated and securely maintained by the operating system 
which is executing in the computing device. For exam- 
ple, the operating system preferably maintains a secure 
registry which stores user-specific key pairs for each us- 
er and which only allows access to a user-specific key 
pair when provided with an appropriate login identifica- 
tion of the user corresponding to the user-specific key 
pair. Also, the target key verifier is preferably a public 
key signature which is created by hashing the target 
public key and then encrypting the resulting first key 
hash with the user-specific private key from the user- 
specific key pair. The verification step preferably in- 
cludes decrypting the target key verifier with the user- 
specific public key from the user-specific key pair to re- 
trieve the first key hash. A second key hash is obtained 
by hashing the stored target public key, and the first and 
second key hashes are compared to verify the authen- 
ticity of the stored target public key. Also, in the receiving 
step, the target public key is preferably received in re- 
sponse to a request from the computing device to the 
target device. 

[0012] By virtue of the foregoing arrangements, a tar- 
get public key can be securely maintained on a comput- 
ing device for subsequent use to encrypt data. In partic- 
ular, the encryption (signing) and subsequent verifica- 
tion of the target public key with the locally maintained 
user-specific key pair allows the target public key to be 
easily verified before each use without the need for an 
external digital certificate or certificate authority. 
[0013] In another aspect, the invention concerns securely storing a printer public key for encryption of print data in a computing device by using a user-specific key pair which is securely stored in the computing device. In particular, a printer public key corresponding to a printer is received, and a user-specific key pair is obtained from a secure registry upon receipt of a corresponding user identification. A hashing algorithm is applied to the printer public key to create a first printer key hash, and an encryption algorithm is applied to encrypt the first printer key hash with a user-specific private key from the user-specific key pair, thereby creating a printer key signature. The printer key signature and the printer public key are stored in a storage area. The printer key signature and the printer public key are subsequently retrieved from the storage area. The hashing algorithm is applied to the retrieved printer public key to create a second printer key hash, and a decryption algorithm is applied to decrypt the printer key signature with a user-specific public key from the user-specific key pair, thereby retrieving the first printer key hash. A verification algorithm is applied to compare the first printer key hash with the second printer key hash, for verifying the authenticity of the retrieved printer public key, and, in the case that the authenticity of the retrieved printer public key is verified, an encryption algorithm is applied to print data using the retrieved printer public key to create encrypted print data for transmission to the printer.
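
The hash, sign, store, retrieve and verify sequence of paragraphs [0011] and [0013] can be sketched as follows. This is an added example, not code from the patent: the SHA-256 hash, the dictionary-based `storage` and `registry`, all function names, and the textbook-RSA demo key (built from two publicly known Mersenne primes, with no padding, and therefore insecure) are assumptions standing in for the hashing algorithm, storage area, secure registry and OS-protected user-specific key pair.

```python
import hashlib
import hmac

# Constructed demo key pair (assumption): textbook RSA from two publicly known
# Mersenne primes. It stands in for the OS-protected user-specific key pair and
# is NOT secure; a real system keeps the private key in the OS key store and
# uses a padded signature scheme.
_P = 2**521 - 1
_Q = 2**607 - 1
USER_N = _P * _Q                                  # user-specific public modulus
USER_E = 65537                                    # user-specific public exponent
USER_D = pow(USER_E, -1, (_P - 1) * (_Q - 1))     # user-specific private exponent
_N_BYTES = (USER_N.bit_length() + 7) // 8


class KeyTamperedError(Exception):
    """The stored printer public key no longer matches its verifier."""


def key_hash(public_key: bytes) -> int:
    """Hash the printer public key (SHA-256 is an assumption) as an integer."""
    return int.from_bytes(hashlib.sha256(public_key).digest(), "big")


def create_verifier(printer_public_key: bytes) -> int:
    """First key hash, 'encrypted' with the user-specific private key."""
    return pow(key_hash(printer_public_key), USER_D, USER_N)


def verify_stored_key(stored_key: bytes, verifier: int) -> bool:
    """Recover the first hash with the user public key and compare it to a
    second hash computed over the key as it is stored now."""
    if not isinstance(verifier, int) or not 0 <= verifier < USER_N:
        return False
    first_hash = pow(verifier, USER_E, USER_N)
    second_hash = key_hash(stored_key)
    return hmac.compare_digest(first_hash.to_bytes(_N_BYTES, "big"),
                               second_hash.to_bytes(_N_BYTES, "big"))


def store_printer_key(storage: dict, registry: dict, user: str,
                      printer_public_key: bytes) -> None:
    """Key goes to the general storage area, verifier to the user's registry entry."""
    storage["printer_public_key"] = printer_public_key
    registry[user] = {"verifier": create_verifier(printer_public_key)}


def load_verified_key(storage: dict, registry: dict, user: str) -> bytes:
    """Return the stored key only if it verifies; call this before every encryption."""
    key = storage["printer_public_key"]
    if not verify_stored_key(key, registry[user]["verifier"]):
        raise KeyTamperedError("stored printer public key failed verification")
    return key


def demo() -> dict:
    storage, registry = {}, {}
    original = b"constructed printer public key bytes"   # constructed sample
    store_printer_key(storage, registry, "user1", original)
    clean_ok = load_verified_key(storage, registry, "user1") == original

    # The storage area is not necessarily secure: simulate a changed key.
    storage["printer_public_key"] = b"constructed substituted key bytes"
    try:
        load_verified_key(storage, registry, "user1")
        detected = False
    except KeyTamperedError:
        detected = True
    return {"clean_copy_verified": clean_ok, "tampering_detected": detected}


if __name__ == "__main__":
    print(demo())
```

The check only protects the stored key against later change; it says nothing about whether the key was genuine when it was first received.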

[0014] Preferably, the user-specific key-pair obtained in the obtaining step is generated and securely maintained by the operating system which is executing in the computing device. For example, the operating system preferably maintains a secure registry which stores user-specific key pairs for each user and which only allows access to a user-specific key pair when provided with an appropriate login identification of the user corresponding to the user-specific key pair. Also, in the receiving step, the printer public key is preferably received in response to a key request which is sent from the computing device to the printer.

[0015] By virtue of the foregoing arrangements, a printer public key can be securely maintained on a computing device for subsequent use to encrypt data. In particular, the signing and subsequent verification of the printer public key with the locally maintained user-specific key pair allows the printer public key to be easily verified before each use without the need for an external digital certificate or certificate authority.

[0016] According to yet another aspect of the invention, a printer public key received by a computing device is authenticated. In particular, the computing device receives a printer public key corresponding to a printer, and a hashing algorithm is applied to the printer public key to create a first printer key hash. The computing device receives a predetermined second printer key hash obtained from a test page printed by the printer, wherein the second printer key hash is input into the computing device by a user-input means connected to the computing device. A verification algorithm is then used to compare the first printer key hash with the second printer key hash, for verifying the authenticity of the received printer public key, and, in the case that the authenticity of the received printer public key is verified, the received printer public key is stored in a memory area of the computing device.

[0017] Preferably, the received printer public key is received in response to a key request message sent from the computing device to the printer. In addition, the test page is preferably printed in response to a command from a user of the computing device, the command being directly entered by the user through a front panel of the printer. The user-input means is preferably a keyboard and mouse, so that the user can view the predetermined second printer key hash from the test page and then enter the predetermined second printer key hash into the computing device.

[0018] By virtue of the foregoing arrangements, a 
printer public key can be authenticated upon initial re- 
ceipt from a printer by a user of the printer. In particular, 
the authentication of the received printer public key is 
performed by using a predetermined hash value printed 
by the printer in the presence of the user. In this manner, 
the authenticity of the printer public key is easily verified 
upon receipt without the need for an external digital cer- 
tificate or certificate authority. 
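
The initial authentication of paragraphs [0016] to [0018] amounts to comparing a locally computed hash of the received key with the hash the user types in from the printed test page. The following is an added example, not code from the patent; SHA-256, the grouped-hex print format, the `memory` dictionary and all function names are assumptions.

```python
import hashlib
import hmac
import re

HEX_DIGITS = 64  # length of a SHA-256 digest in hex (hash choice is an assumption)


def printer_key_fingerprint(public_key: bytes) -> str:
    """Hash of a printer public key in the form a test page might print it:
    upper-case hex in groups of four, separated by spaces."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def normalize_typed_hash(typed: str) -> str:
    """Remove the separators and case differences a user introduces when
    copying the hash from paper with a keyboard."""
    return re.sub(r"[\s:\-]", "", typed).upper()


def accept_received_key(received_key: bytes, typed_hash: str, memory: dict) -> bool:
    """Store the received key only if its hash (first printer key hash)
    equals the hash typed in from the test page (second printer key hash)."""
    first_hash = normalize_typed_hash(printer_key_fingerprint(received_key))
    second_hash = normalize_typed_hash(typed_hash)

    # Reject truncated or non-hex input outright: accepting a prefix match
    # would shrink the number of bits actually being compared.
    if len(second_hash) != HEX_DIGITS or not re.fullmatch(r"[0-9A-F]+", second_hash):
        return False
    if not hmac.compare_digest(first_hash, second_hash):
        return False

    memory["printer_public_key"] = received_key
    return True


if __name__ == "__main__":
    key = b"constructed printer public key"           # constructed sample
    test_page_hash = printer_key_fingerprint(key)     # what the printer would print
    memory = {}
    print(accept_received_key(key, test_page_hash.lower(), memory), memory)
    print(accept_received_key(b"constructed other key", test_page_hash, {}))
```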

[0019] This brief summary has been provided so that 
the nature of the invention may be understood quickly. 
A more complete understanding of the invention can be 
obtained by reference to the following detailed descrip- 
tion of embodiments of the invention, which are de- 
scribed by way of example only with reference to the 
attached drawings in which: 

Figure 1 is a representative view of a computing en- 
vironment in which the present invention may be im- 
plemented according to one embodiment of the in- 
vention. 

Figure 2 is a representative view of a networked 
computing environment in which the present inven- 
tion may be implemented according to another em- 
bodiment of the invention. 

Figure 3 is a detailed block diagram showing the 
internal architecture of the computer and the printer 
shown in Figure 1. 

Figure 4A is a block diagram for explaining the en- 
cryption of a public key according to one embodi- 
ment of the present invention. 

Figure 4B is a block diagram for explaining the en- 
cryption of a public key according to another em- 
bodiment of the present invention. 

Figure 5A is a block diagram for explaining the ver- 
ification of a stored public key according to one em- 
bodiment of the present invention. 

Figure 5B is a block diagram for explaining the ver- 
ification of a stored public key according to another 
embodiment of the present invention. 

Figure 6 is a block diagram for explaining the encryption of print data according to the present invention.

Figure 7 is a block diagram for explaining the decryption of print data according to the present invention.

Figure 8 is a flowchart for explaining the use of a public key according to one embodiment of the present invention.

Figure 9 is a flowchart for explaining the encryption of a public key according to one embodiment of the present invention.

Figure 10 is a flowchart for explaining the signing of a public key according to another embodiment of the present invention.

Figure 11 is a flowchart for explaining the verification of a stored public key according to one embodiment of the present invention.

Figure 12 is a flowchart for explaining the verification of a stored public key according to another embodiment of the present invention.

Figure 13 is a block diagram for explaining an initial verification of a received public key according to one embodiment of the present invention.

Figure 14 is a flowchart for explaining an initial verification of a received public key according to one embodiment of the present invention.

[0020] Figure 1 provides a system view of a computing environment in which an embodiment of the present invention may be implemented. As shown in Figure 1, the computing environment comprises computer 10, printer 20, and connection 1. Connection 1 can be a simple local connection between computer 10 and printer 20, such as a serial, USB, firewire, or other such connection. In the alternative, connection 1 may be a network, such as an Ethernet network medium consisting of a bus-type physical architecture. It should be appreciated that connection 1 may also be comprised of another type of network, including the internet.
[0021] Desktop computer 10 is preferably a personal computer or workstation having a windowing operating system environment such as Microsoft Windows 2000, Microsoft Windows ME or Microsoft Windows XP. As is typical with PC-type computers, desktop computer 10 preferably has display 11, keyboard 15, mouse 14, host processor 12, fixed disk 13, and a floppy drive and/or other type of storage medium (not shown). The contents of fixed disk 13 and the operation of computer 10 according to the present invention are explained in more detail below.
[0022] Printer 20 is also connected to computer 10 by connection 1 and is preferably a laser or an ink-jet printer which is capable of printing images on recording medium based on received print data. Printer 20 has a fixed storage 21 which is preferably a fixed disk, but can be another form of computer memory such as ROM or EEPROM. The contents of fixed storage 21 and the operation of printer 20 according to the present invention are discussed in more detail below.
[0023] Figure 2 provides a system view of a networked computing environment in which the present invention may be implemented. As shown in Figure 1, the computing environment comprises computer 10, printer 20, server 30 and connection 1. Computer 10 and printer 20 are the same in Figure 2 as described above with respect to Figure 1. However, connection 1 in Figure 2 is preferably a network connection, such as an Ethernet network medium consisting of a bus-type physical architecture.

[0024] As seen in Figure 2, server 30 is also connected to connection 1. Server 30 preferably comprises a PC-compatible computer having a windowing operating system environment such as Microsoft Windows 2000, Microsoft Windows ME or Microsoft Windows XP. Server 30 has a fixed disk 31 which is preferably a large fixed disk for storing numerous files, applications and data. Server 30 can therefore be utilized by other devices on connection 1, such as computer 10, as a file server or other type of server, such as a print server. Server 30 may also act as a gateway for other devices on connection 1 to access another network such as the Internet. In one embodiment of the present invention, server 30 is used to store public keys for use by computer 10, as discussed in more detail below.

[0025] Figure 3 provides a view for explaining the in- 
ternal contents of fixed disk 13 of computer 10, and of 
fixed storage 21 of printer 20. Although embodiments of 
the present invention can be practiced with devices oth- 
er than printers, the implementation of an embodiment 
of the invention for use with a printer is described herein. 
As seen in Figure 3, fixed storage 21 of printer 20 in- 
cludes a printer key pair 22 which is comprised of printer 
public key 25 and printer private key 23. Keys 25 and 
23 are cryptographic keys which are used for the en- 
cryption and decryption, respectively, of print data. In 
particular, printer public key 25 is preferably created and 
maintained by the manufacturer of printer 20, or can be 
installed on printer 20 by a system administrator or other 
system user of printer 20. In another alternative, printer 
public key 25 can be generated by printer 20 itself. 
[0026] Printer public key 25 is made accessible to the public for use in the encryption of print data to send to printer 20 in a secure, encrypted manner. Printer private key 23 is also a cryptographic key which corresponds to printer public key 25, and is also created by the creator of printer public key 25. However, unlike printer public key 25, printer private key 23 is maintained under strict security within printer 20 and cannot be accessed and/or removed from printer 20. In this manner, only printer 20 has access to both of keys 23 and 25 of printer key pair 22, thereby allowing users of printer 20 to trust that encrypted print data sent to printer 20 cannot be decrypted by any unauthorized party if the encrypted print data should be intercepted on its way to printer 20.
[0027] Returning to Figure 3, it can be seen that fixed disk 13 of computer 10 includes operating system 40, registry 41, key database 50, printer driver 60 and storage area 62. As discussed above, operating system 40 is preferably a windowing operating system, and in particular is preferably a Microsoft Windows operating system which includes a cryptographic application programming interface (CAPI). The Microsoft CAPI provides a means for generating, maintaining and accessing user-specific cryptographic key pairs in an efficient and transparent manner. In particular, CAPI generates a user-specific key pair for each user of computer 10 and stores each user-specific key pair in a registry entry for the particular corresponding user. CAPI does not allow a user-specific key pair to be accessed unless the corresponding user is logged into computer 10 by providing appropriate user login identification, such as a user-specific password. A function call is supported by CAPI to retrieve a user-specific key pair for an authorized user. CAPI also supports other cryptographic function calls, such as a function call for verification of the authenticity of data, such as a public key, which has been encrypted or signed with a user-specific public key.

[0028] Although applications exist, such as PGP, for supporting the cryptographic signature of data and the subsequent verification of a cryptographic signature, such applications are seen to have a significant shortcoming with respect to the Microsoft Windows CAPI functionality. In particular, other cryptographic applications, such as PGP, require the user of the application to maintain the storage of the key pair that is used to create the cryptographic signature. Accordingly, such applications do not maintain the key pair under strict security and may be more prone to a security breach in which an unauthorized user of the computer can access the key pair and use it to access encrypted data of the authorized user.

[0029] It should be appreciated that although it is preferred to use a Microsoft Windows operating system which supports CAPI, other types of operating systems can be used to practice the present invention. In such a case, the generation, maintenance and access of user-specific key pairs as described above can be performed by functions of the other type of operating system, or can be performed by an application, so long as the user-specific key pairs are generated, maintained and accessed in a secure fashion which is transparent to the user, as described with respect to CAPI.

[0030] Returning to Figure 3, key database 50 is a component of operating system 40 and is used to securely generate and maintain user-specific key pairs for the users of computer 10. In particular, key database 50 contains a user entry for each user of computer 10, each user entry containing a corresponding user-specific key pair, such as user-specific key pair 51 which is in the entry corresponding to user1 51. Each user-specific key pair contains a private key and a public key for encryption/signing of data objects and for authenticity verification of such encrypted/signed data objects. For example, user-specific key pair 51 includes user-specific public key 53 and user-specific private key 54, both of which are unique and correspond to user1 51.

EP 1 320 009 A2

[0031] Registry 41 is a storage area for use by operating system 40 to maintain data corresponding to each user of computer 10. In particular, registry 41 contains an entry for each user, in which login identification data is stored, and other user-specific data is stored. For example, the entry for user1 (42) of registry 41 includes login id 45 and digital signature 44. Login id 45 is preferably a password which is used by user1 to login to computer 10 and which is known only to user1 for security purposes. Digital signature 44 is a target key verifier for verifying the authenticity of a target key, such as printer public key 25. Digital signature 44 is preferably a digital signature which was created by user-specific key pair 51 corresponding to user1 and is maintained in registry 41. In the alternative, digital signature 44 can be comprised of an encrypted version of the target key, or can be comprised of a resultant code obtained from applying a security algorithm, such as DSS, to the target key. Digital signature 44 is discussed in more detail below.

[0032] Also seen in Figure 3 is printer driver 60 which 
is used for generating print data to be sent to printer 20 
for printing of an image which may be a text document, 
a picture, graphic or other type of image. Printer driver 
60 preferably corresponds to printer 20 for optimal print- 
ing quality and for supporting the features and charac- 
teristics of printer 20. In the preferred embodiment of the 
invention, printer driver 60 contains the software code 
for implementing the functionality of an embodiment of 
the present invention, which is discussed in more detail 
below. 

[0033] Storage area 62 of Figure 3 is a general stor- 
age area of fixed disk 13 for access by printer driver 60, 
which is not necessarily secure. Storage area 62 in- 
cludes printer public key 25, encryption (signing) algo- 
rithm 65, hashing algorithm 68, decryption (verification) 
algorithm 76, key verification algorithm 77, hash verifi- 
cation algorithm 84, other applications 58 and other files 
59. Printer public key 25 was obtained from printer 20 
for use in encrypting print data, as discussed further be- 
low. 

[0034] Encryption (signing) algorithm 65 is used by printer driver 60 to encrypt or digitally sign data objects, such as print data and printer public key 25. In addition, encryption (signing) algorithm 65 as used in the present invention can be comprised of other types of security algorithms. Hashing algorithm 68 is used to perform a digital hash of data objects, such as printer public key 25, as discussed further below. Decryption (verification) algorithm 76 is used to decrypt encrypted data objects, or to verify the digital signature of signed data objects, such as printer public key 25, and is discussed further below. In addition, decryption (verification) algorithm 76 as used in the present invention can be comprised of other types of security algorithms. Key verification algorithm 77 is used to compare a decrypted public key to a stored public key to confirm the authenticity of the stored public key, as discussed more fully below. Hash verification algorithm 84 is used to compare a decrypted public key hash value to a newly-generated hash value of a stored public key to confirm the authenticity of the stored public key, as discussed more fully below. Lastly, other applications 58 and other files 59 are used by printer driver 60 and/or computer 10 to support other applications and functions.

[0035] Figure 4A is a block diagram which depicts the manner in which printer public key 25 is securely stored according to one embodiment of the present invention. First, printer public key 25 is preferably obtained from printer 20 in response to a key request from computer 10. In the alternative environment depicted in Figure 2, printer public key 25 can be obtained from server 30 in response to a key request from computer 10, server 30 having previously obtained printer public key 25 from printer 20. As seen in Figure 4A, user-specific private key 54 is provided to encryption algorithm 65 along with printer public key 25 to generate encrypted printer public key 67, which is then stored in registry 41 under user1 entry 42 in sub-entry 44. As discussed above, user-specific private key 54 is preferably accessed through operating system 40 based on login id 45 for user1. In this manner, printer public key 25 is securely stored in registry 41 in an encrypted fashion for subsequent use to authenticate a stored version of printer public key 25 before using printer public key 25 to encrypt print data.
[0036] Figure 4B depicts another embodiment of the present invention, in which printer public key 25 is digitally signed instead of being fully encrypted. The signing method is preferred to full encryption because signing uses less processing overhead than full encryption. As seen in Figure 4B, printer public key 25 is first obtained, either directly from printer 20 or from server 30, depending on the computing environment of computer 10. Printer public key 25 is then subjected to digital hashing algorithm 68 which generates unique printer public key hash value 69 for printer public key 25. Hashing algorithm 68 is preferably a known type of hashing algorithm which creates a hash value corresponding to the data object to which it is applied.

[0037] User-specific private key 54 is then provided to encryption algorithm 65 along with printer public key hash value 69 to create digital signature 70 which is essentially an encrypted form of printer public key hash value 69. Digital signature 70 is then stored in registry 41 under user1 entry 42 in sub-entry 44. As discussed above, user-specific private key 54 is preferably accessed through operating system 40 based on login id 45 for user1. In this manner, digital signature 70 is securely stored in registry 41 for subsequent use to authenticate a stored version of printer public key 25 before printer driver 60 uses printer public key 25 to encrypt print data.

[0038] Figure 5A is a block diagram which depicts the use of encrypted
printer public key 67, which was created and stored as depicted in
Figure 4A, for verifying the authenticity of printer public key 25
prior to using printer public key 25. In Figure 5A, print command 72
is received from the user of computer 10 and preferably includes an
indication that the desired print data is to be sent to printer 20 in
a secure fashion. As seen in Figure 5A, user-specific public key 53 is
accessed, preferably through operating system 40 as discussed above.
User-specific public key 53 is provided to decryption algorithm 76
along with encrypted printer public key 67 to obtain decrypted printer
public key 75. Printer public key 25 is retrieved from storage area
62, or if computer 10 is in a networked environment as depicted in
Figure 2, printer public key 25 can be retrieved from fixed disk 31 of
server 30. Decrypted printer public key 75 and printer public key 25,
which was retrieved from storage area 62, are then provided to key
verification algorithm 77 to verify the authenticity of printer public
key 25. If key verification algorithm 77 determines that decrypted
printer public key 75 matches printer public key 25, then printer
public key 25 is authentic and has not been changed or corrupted since
it was initially obtained from printer 20, or from server 30 as the
case may be. If there is a mismatch, then printer public key 25 has
either been corrupted, or has been modified in the case that it was
obtained from server 30 prior to use. Preferably, printer driver 60
generates an error message for display on display 11 of computer 10 to
prompt the user to re-obtain a new, authenticated copy of printer
public key 25 from printer 20, or from server 30, as the case may be.
[0039] Figure 5B is a block diagram which depicts the use of digital
signature 70, which was created and stored as depicted in Figure 4B,
for verifying the authenticity of printer public key 25 prior to using
printer public key 25. In Figure 5B, print command 72 is received from
the user of computer 10 and preferably includes an indication that the
desired print data is to be sent to printer 20 in a secure fashion. As
seen in Figure 5B, user-specific public key 53 is accessed, preferably
through operating system 40 as discussed above. User-specific public
key 53 is provided to decryption algorithm 76 along with digital
signature 70 to obtain decrypted printer public key hash value 79.
Printer public key 25 is retrieved from storage area 62, or if
computer 10 is in a networked environment as depicted in Figure 2,
printer public key 25 can be retrieved from fixed disk 31 of server
30.

[0040] Printer public key 25 is then re-subjected to hashing algorithm
68 to generate new printer public key hash value 80. Decrypted printer
public key hash value 79 and new printer public key hash value 80 are
then provided to hash verification algorithm 84 to verify the
authenticity of printer public key 25. If hash verification algorithm
84 determines that decrypted printer public key hash value 79 matches
new printer public key hash value 80, then printer public key 25 is
authentic and has not been changed or corrupted since it was initially
obtained from printer 20, or from server 30 as the case may be. If
there is a mismatch, then printer public key 25 has either been
corrupted, or has been modified. For example, a new version of printer
public key 25 may have been created and uploaded from printer 20 to
server 30 since the first time that computer 10 obtained a version of
printer public key 25 from server 30. Preferably, printer driver 60
generates an error message for display on display 11 of computer 10 to
prompt the user to re-obtain a new, authenticated copy of printer
public key 25 from printer 20, or from server 30, as the case may be.
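
The sign-and-verify cycle of Figures 4B and 5B, written out as an added example that is not part of the patent text. SHA-256, the fixed demo key pair, the `DriverKeyStore` class and all function names are assumptions made for illustration; the key bytes are constructed sample data.

```python
"""Signed storage of a printer public key, following Figures 4B and 5B.

Added illustration, not code from the patent. Textbook RSA over fixed demo
primes mirrors the "encrypt the hash with the private key" wording only;
a real driver would use a padded scheme (e.g. RSA-PSS) from a vetted library.
"""
import hashlib
import hmac

# Constructed demo key pair standing in for user-specific key pair 51.
# Both factors are publicly known Mersenne primes: NOT a secure key.
_P, _Q = 2**521 - 1, 2**607 - 1
USER_N = _P * _Q
USER_E = 65537                                   # user-specific public key 53
USER_D = pow(USER_E, -1, (_P - 1) * (_Q - 1))    # user-specific private key 54
_SIZE = (USER_N.bit_length() + 7) // 8


class KeyMismatch(Exception):
    """Stored printer key no longer matches its signature (S810 -> S811)."""


def key_hash(printer_public_key: bytes) -> int:
    """Hashing algorithm 68. SHA-256 is an assumption; the patent names none."""
    return int.from_bytes(hashlib.sha256(printer_public_key).digest(), "big")


def sign_printer_key(printer_public_key: bytes) -> int:
    """S1001-S1002: hash the key, then transform the hash with the private key."""
    return pow(key_hash(printer_public_key), USER_D, USER_N)


def verify_printer_key(printer_public_key: bytes, signature) -> bool:
    """S1201-S1203: recover the stored hash, re-hash the key, compare."""
    if not isinstance(signature, int) or not 0 <= signature < USER_N:
        return False
    recovered = pow(signature, USER_E, USER_N)   # decrypted hash value 79
    fresh = key_hash(printer_public_key)         # new hash value 80
    return hmac.compare_digest(recovered.to_bytes(_SIZE, "big"),
                               fresh.to_bytes(_SIZE, "big"))


class DriverKeyStore:
    """storage_area models storage area 62; registry models registry 41."""

    def __init__(self):
        self.storage_area = {}   # printer id -> printer public key bytes
        self.registry = {}       # printer id -> digital signature 70

    def enroll(self, printer_id: str, printer_public_key: bytes) -> None:
        """S805-S806: sign the received key, store key and signature."""
        self.storage_area[printer_id] = printer_public_key
        self.registry[printer_id] = sign_printer_key(printer_public_key)

    def key_for_print_job(self, printer_id: str) -> bytes:
        """S808-S810: release the key for encryption only if it verifies."""
        key = self.storage_area[printer_id]
        if not verify_printer_key(key, self.registry.get(printer_id)):
            raise KeyMismatch(f"re-obtain the public key for {printer_id}")
        return key


def demo() -> dict:
    """Run the enrol/verify cycle on constructed key bytes."""
    genuine = b"constructed printer public key 25"
    substituted = b"constructed key swapped in by someone else"
    store = DriverKeyStore()
    store.enroll("printer-20", genuine)
    results = {"untouched": store.key_for_print_job("printer-20") == genuine}

    # The stored key is replaced, but the signature in the registry is not.
    store.storage_area["printer-20"] = substituted
    try:
        store.key_for_print_job("printer-20")
        results["substitution_detected"] = False
    except KeyMismatch:
        results["substitution_detected"] = True

    # A signature made without the private key does not verify either.
    store.registry["printer-20"] = key_hash(substituted)
    try:
        store.key_for_print_job("printer-20")
        results["forged_signature_rejected"] = False
    except KeyMismatch:
        results["forged_signature_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The check only holds while the private key and the registry entry stay out of reach of whoever can write to the key storage area, which is why the description keeps them behind the operating system's per-user login.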

[0041] Figure 6 is a diagram for explaining the encryption of print
data in the case that printer public key 25 is determined to be
authentic. As seen in Figure 6, random key generator 82 is used to
generate symmetric key 83, which is a cryptographic key that can be
used to encrypt and to decrypt a data object. Random key generator 82
is preferably a function of operating system 40 and is accessed by a
function call. Print data 85 and symmetric key 83 are then provided to
encryption algorithm 65 to generate encrypted print data 87. In this
regard, printer 20 will need a secure copy of symmetric key 83 to
decrypt encrypted print data 87 for printing. Accordingly, printer
public key 25 and symmetric key 83 are provided to encryption
algorithm 65 to generate encrypted symmetric key 88. In this manner,
the symmetric key can be passed to printer 20 in a secure fashion.
Encrypted symmetric key 88 is then placed in header 90 of print job
89, which also contains encrypted print data 87. Print job 89 is then
sent to printer 20 via connection 1. Even if print job 89 is
intercepted on its way to printer 20, encrypted print data 87 cannot
be properly decrypted because encrypted symmetric key 88 cannot be
decrypted without the use of printer private key 23, which is securely
stored in printer 20.

[0042] Figure 7 is a diagram for explaining the decryption of
encrypted print data 87 within printer 20. As seen in Figure 7, print
job 89 is received in printer 20. Printer private key 23 is then
accessed from fixed storage 21 of printer 20 and is provided along
with encrypted symmetric key 88 from print job header 90 to decryption
algorithm 92 in order to retrieve symmetric key 83. Symmetric key 83
is then provided along with encrypted print data 87 to decryption
algorithm 92 in order to generate decrypted (clear) print data 85.
Print data 85 is then passed to print engine 27 of printer 20 which
generates the print output on recording medium to create printed image
100. In this manner, print data is passed to printer 20 by using
printer public key 25 in a secure fashion every time, without the use
of an external certificate authority for verification of the
authenticity of printer public key 25.

EP 1 320 009 A2

[0043] Figure 8 is a flowchart for explaining the use of a public key,
in particular a printer public key, according to the present
invention. In step S801, a user logs on to computer 10, preferably
using a password. For sake of explanation, user1 is used as an example
and provides login id 45 to verify that user1 is authorized to use
computer 10. Next, in step S802, user-specific key pair 51 is obtained
from key database 50 based on the identification of user1. Next, in
step S803, printer public key 25 is sent to computer 10 from printer
20 (or from server 30 in the case that computer 10 is in a networked
environment as in Figure 2). Preferably, printer public key 25 is sent
in response to a key request sent from computer 10 to printer 20, or
server 30, as the case may be. Printer public key 25 is received in
step S804 from printer 20 or from server 30 as the case may be. In
step S805, printer public key 25 is preferably signed as explained
above with respect to Figure 4B, although it may alternatively be
encrypted as explained above with respect to Figure 4A.

[0044] The two aforementioned possibilities for step S805 are depicted
in Figures 9 and 10, respectively. As seen in Figure 9, user-specific
private key 54 is used to fully encrypt printer public key 25 using
encryption algorithm 65, thereby creating encrypted printer public key
67 (S901). Flow then passes to return (step S902) in Figure 9. As seen
in Figure 10, hashing algorithm 68 is applied to printer public key 25
to create printer public key hash value 69 (step S1001). In step
S1002, printer public key hash value 69 is encrypted with
user-specific private key 54 to create digital signature 70. Flow then
passes to return (step S1003) in Figure 9.

[0045] Returning to Figure 8, flow passes to step S806 in which
printer public key 25 is stored in storage area 62 for subsequent use,
and digital signature 70 (or encrypted printer public key 67) is
securely stored in registry 41. In the alternative, it should be
appreciated that printer public key 25 can be stored in fixed disk 31
of server 30 instead of in storage area 62 in the case that computer
10 is in a networked environment with server 30, as depicted in Figure
2. As discussed above, printer public key 25 can be stored in fixed
disk 31 of server 30 in the case that computer 10 is in a networked
computing environment as depicted in Figure 2. In such a case,
computer 10 preferably accesses printer public key 25 from server 30
every time that computer 10 subsequently needs to encrypt data. This
allows the printer driver to automatically detect the case where the
version of printer public key 25 stored on server 30 has been updated
by a system administrator. In step S807, computer 10 receives print
command 72 from user1, which preferably includes an indication that
the print job is to be sent to printer 20 in a secure fashion.

[0046] Next, printer public key 25 is retrieved from storage area 62
or from fixed disk 31 of server 30 as the case may be (step S808). In
step S809, digital signature 70, or encrypted printer public key 67,
is decrypted and provided to a verification algorithm along with
printer public key 25 to verify the authenticity of printer public key
25. This step is different depending on whether printer public key 25
is signed or fully encrypted as discussed above with respect to
Figures 9 and 10. Figure 11 depicts the explanation of step S809 for
the case in which printer public key 25 is fully encrypted. In step
S1101, user-specific public key 53 is used to decrypt encrypted
printer public key 67 which was retrieved from registry 41. Next, in
step S1102, decrypted printer public key 75 and retrieved printer
public key 25 are provided to key verification algorithm 77 for
verifying that they match, thereby determining that printer public key
25 is authentic and can be used for proper encryption of print data.
Flow then passes to return in step S1103.
[0047] Figure 12 depicts the case in which printer public key 25 is
digitally signed to create digital signature 70. In step S1201,
user-specific public key 53 is used to decrypt digital signature 70
which was retrieved from registry 41, thereby obtaining decrypted
printer public key hash value 79. Next, in step S1202, hashing
algorithm 68 is applied to printer public key 25 which was retrieved
from either storage area 62 or from server 30, as the case may be, in
order to obtain new printer public key hash value 80. In step S1203,
decrypted printer public key hash value 79 and new printer public key
hash value 80 are provided to hash verification algorithm 84 to
determine whether the two hash values match, thereby confirming the
authenticity of printer public key 25. Flow then passes to return in
step S1204.
[0048] Returning to Figure 8, flow passes to step S810 in which it is
determined if there was a match in the verification performed in step
S809. If there has been a match, flow passes to step S812. If there is
not a match, flow passes to step S811 in which an error message is
generated for display on display 11 of computer 10, and then flow
passes to return in step S819. In step S812, random key generator 82
is used to generate symmetric key 83. In step S813, print data 85 is
encrypted with symmetric key 83 using encryption algorithm 65 to
generate encrypted print data 87. Next, in step S814, symmetric key 83
is encrypted with verified printer public key 25 using encryption
algorithm 65 to generate encrypted symmetric key 88. Encrypted
symmetric key 88 and encrypted print data 87 are placed in print job
89 and sent to printer 20 (step S815). Flow then passes to step S816
wherein printer 20 receives print job 89 and applies printer private
key 23 via decryption algorithm 92 to decrypt encrypted symmetric key
88, thereby retrieving symmetric key 83. Symmetric key 83 is then
applied to encrypted print data 87 to retrieve decrypted (clear) print
data 85 (step S817). Decrypted print data 85 is then sent to print
engine 27 of printer 20 to generate printed image 100 based on print
data 85 (step S818). Flow then passes to return in step S819.
[0049] Figure 13 depicts a preferred arrangement of an embodiment of
the present invention for initial authentication of a received public
key, such as printer public key 25 received from printer 20. In
particular, the arrangement performs authentication when printer
public key 25 is first obtained by computer 10 in order to make sure
that computer 10 properly received a correct copy of printer public
key 25. As seen in Figure 13, printer public key 25 is obtained from
printer 20 and is subjected to hashing algorithm 68 to generate
printer public key hash value 69.

[0050] Next, printer test page 102 is generated at printer 20 in
response to a command which is preferably provided at the front panel
of printer 20 by the user of computer 10. Printer test page 102
contains printed hash value 103, which is the correct hash value for
printer public key 25. Printed hash value 103 is entered into computer
10 by the user and is provided to hash verification algorithm 84 along
with printer public key hash value 69. Hash verification algorithm 84
determines whether the two hash values match in order to verify the
authenticity of received printer public key 25. If there is a match,
then computer 10 accepts printer public key 25 as an authentic copy
from printer 20 and stores it into storage area 62 for subsequent use.
If there is not a match, then an error message is generated for
display on display 11 of computer 10 to prompt the user to take
action, such as sending another request to printer 20 for printer
public key 25, or such as re-entering printed hash value 103 into
computer 10.

[0051] Figure 14 is a flowchart for explaining the initial
authentication of printer public key 25 depicted in Figure 13. In step
S1401, printer public key 25 is requested from printer 20. Printer 20
then sends printer public key 25 to computer 10 in step S1402. Printer
public key 25 is then subjected to hashing algorithm 68 to generate
printer public key hash value 69 (step S1403). Next, printer test page
102 is generated at printer 20 in response to a command which is
preferably provided at the front panel of printer 20 by the user of
computer 10 (step S1404). Printer test page 102 contains printed hash
value 103, which is the correct hash value for printer public key 25.

[0052] In step S1405, printed hash value 103 is entered into computer
10 by the user, preferably in a dialog window provided on display 11
of computer 10. Printed hash value 103 is then provided to hash
verification algorithm 84 along with printer public key hash value 69
in step S1406. Hash verification algorithm 84 determines whether the
two hash values match in order to verify the authenticity of received
printer public key 25. In step S1407, it is determined if a match was
established in step S1406. If there is a match, then flow passes to
step S1409 in which computer 10 accepts printer public key 25 as an
authentic copy from printer 20 and stores it into storage area 62 for
subsequent use. Flow then passes to return at step S1410. If there is
not a match at step S1407, then flow passes to step S1408 where an
error message is generated for display on display 11 of computer 10 to
prompt the user to take action, such as sending another request to
printer 20 for printer public key 25, or such as re-entering printed
hash value 103 into computer 10. Flow then passes to return at step
S1410.
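
The first-receipt check of Figures 13 and 14 (steps S1403 to S1409), as an added example that is not part of the patent text. SHA-256, the hexadecimal test-page layout and every function name are assumptions; the patent specifies none of them, and the key bytes are constructed sample data.

```python
"""First-receipt check of a printer public key against the hash printed on
the printer's test page (Figures 13 and 14).

Added illustration, not code from the patent. SHA-256 and the hexadecimal
test-page format are assumptions; the patent specifies neither.
"""
import hashlib
import hmac
import re

HEX_DIGITS = hashlib.sha256().digest_size * 2    # 64 for SHA-256


def printer_key_hash(printer_public_key: bytes) -> str:
    """S1403: hashing algorithm 68 applied to the received key."""
    return hashlib.sha256(printer_public_key).hexdigest()


def normalize_typed_hash(typed: str) -> str:
    """Clean up what the user typed from the test page (S1405).

    Grouping characters and letter case are ignored. Anything that is not
    the complete hash is rejected: comparing only a typed prefix would
    shrink the check to however many digits the user bothered to enter.
    """
    cleaned = re.sub(r"[\s:\-]", "", typed).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_DIGITS, cleaned):
        raise ValueError("enter all %d hexadecimal digits" % HEX_DIGITS)
    return cleaned


def accept_received_key(received_key, typed_hash, storage_area, printer_id):
    """S1406-S1409: store the key only if both hash values match.

    Returns True when the key was stored, False when the caller should
    show the error message of S1408.
    """
    try:
        expected = normalize_typed_hash(typed_hash)
    except ValueError:
        return False
    actual = printer_key_hash(received_key)
    if not hmac.compare_digest(actual, expected):
        return False
    storage_area[printer_id] = received_key
    return True


def demo() -> dict:
    """Constructed inputs: a genuine key, and a different key received instead."""
    genuine = b"constructed printer public key 25"
    received_other = b"constructed key from a different device"
    digest = printer_key_hash(genuine).upper()
    # Test page prints the hash in groups of four, upper case (assumed layout).
    printed = " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))
    storage_area = {}
    return {
        "wrong_key": accept_received_key(received_other, printed, storage_area, "printer-20"),
        "short_entry": accept_received_key(genuine, printed[:19], storage_area, "printer-20"),
        "nothing_stored_yet": "printer-20" not in storage_area,
        "match": accept_received_key(genuine, printed, storage_area, "printer-20"),
        "stored": storage_area.get("printer-20") == genuine,
    }


if __name__ == "__main__":
    print(demo())
```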

[0053] In this manner, secure printing is provided through the use of
a public key without having to use an external certificate authority
to verify the authenticity of the public key every time that the
public key is needed for encryption purposes. In particular, a target
public key such as a printer public key can be securely maintained on
a computing device for subsequent use to encrypt data. Accordingly,
the encryption (signing) and subsequent verification of the target
public key is performed locally with a locally maintained
user-specific key pair, thereby allowing authenticity of the target
public key to be easily verified before each use.
[0054] The invention has been described with partic- 
ular illustrative embodiments. It is to be understood that 
the invention is not limited to the above-described em- 
bodiments and that various changes and modifications 
may be made by those of ordinary skill in the art without 
departing from the scope of the invention. 



Claims

1. A method for securely storing a public key for encryption of data
in a computing device, the method using a user-specific key pair which
is securely stored in the computing device, the method comprising:

a receiving step of receiving a target public key 
corresponding to a target device; 
an obtaining step of obtaining a user-specific 
key pair from a secure registry; 
a key encrypting step of using a user-specific 
private key from the user-specific key pair to 
create a target key verifier based on the target 
public key; 

a storing step of storing the target key verifier 
and the target public key in a storage area; 
a retrieving step of retrieving the target key ver- 
ifier and the target public key from the storage 
area; 

a verification step of applying a user-specific 
public key from the user-specific key pair to the 
target key verifier for verifying the authenticity 
of the target public key; and 
a data encrypting step of encrypting data with 
the target public key, in the case that the au- 
thenticity of the target public key is verified, 
thereby creating encrypted data for transmis- 
sion to the target device. 

2. A method according to Claim 1, wherein the user-specific key pair
is obtained from a key function call which is supported by an
operating system executing in the computing device.

3. A method according to Claim 2, wherein the oper- 
ating system securely maintains a user-specific key 
pair for each of a plurality of users of the computing 
device. 

4. A method according to Claim 3, wherein each user- 
specific key pair can only be accessed by providing 
the operating system with user identification data 
corresponding to the user-specific key pair. 

5. A method according to Claim 1, wherein the target key verifier
created in the key encrypting step is an encrypted version of the
target public key.

6. A method according to Claim 5, wherein the verifi- 
cation step includes decrypting the target key veri- 
fier with the user-specific public key using a decryp- 
tion algorithm. 

7. A method according to Claim 6, wherein the verifi- 
cation step further includes using a key verification 
algorithm to compare the decrypted target key ver- 
ifier to the target public key for verifying the authen- 
ticity of the target public key. 

8. A method according to Claim 7, wherein the verifi- 
cation step is performed by a verification function 
call which is supported by an operating system ex- 
ecuting in the computing device. 

9. A method according to Claim 1, wherein the target key verifier
created in the key encrypting step is a digital signature of the
target public key.

10. A method according to Claim 9, wherein the digital 
signature of the target public key is created by ap- 
plying a hashing algorithm to the target public key 
to obtain a target key hash, and then encrypting the 
target key hash with the user-specific private key 
using an encryption algorithm. 

11. A method according to Claim 9, wherein the digital 
signature of the target public key is created by ap- 
plying a hashing algorithm to the target public key 
to obtain a target key hash, and then subjecting the 
target key hash to a security algorithm. 

12. A method according to Claim 11, wherein the verification step
includes decrypting the target key verifier with the user-specific
public key using a decryption algorithm to obtain a decrypted target
key hash.

13. A method according to Claim 12, wherein the verification step
further includes reapplying a hashing algorithm to the target public
key to obtain a new target key hash and using a hash verification
algorithm to compare the decrypted target key hash to the new target
key hash for verifying the authenticity of the target public key.

14. A method according to Claim 13, wherein the verification step is
performed by a verification function call which is supported by an
operating system executing in the computing device.

15. A method according to Claim 1, wherein the receiving step includes
applying a hashing algorithm to the received target public key to
obtain a received target key hash and using a hash verification
algorithm to compare the received target key hash to a test target key
hash for verifying the authenticity of the received target public key.

16. A method according to Claim 15, wherein the test target key hash
is input by a user.

17. A method according to Claim 16, wherein the target device is a
printer and wherein the test target key hash is obtained from a test
page printed by the printer.

18. A method according to Claim 1, wherein the target device is a
printer and the target public key is a printer public key.

19. A method according to Claim 18, wherein, in the receiving step,
the printer public key is received in response to a key request sent
to the printer.

20. A method according to Claim 18, wherein the method is performed in
a printer driver executing on the computing device.

21. A method for securely storing a printer public key for encryption
of print data in a computing device, the method using a user-specific
key pair which is securely stored in the computing device, the method
comprising:

a receiving step of receiving a printer public key corresponding to a
printer;
an obtaining step of obtaining a user-specific key pair from a secure
registry upon receipt of a corresponding user identification;
a first hashing step of applying a hashing algorithm to the printer
public key to create a first printer key hash;
an encryption step of applying an encryption algorithm to encrypt the
first printer key hash with a user-specific private key from the
user-specific key pair, thereby creating a printer key signature;
a storing step of storing the printer key signature and the printer
public key in a storage area;
a retrieving step of retrieving the printer key signature and the
printer public key from the storage area;
a second hashing step of applying the hashing algorithm to the
retrieved printer public key to create a second printer key hash;
a decrypting step of applying a decryption algorithm to decrypt the
printer key signature with a user-specific public key from the
user-specific key pair, thereby retrieving the first printer key hash;
a verification step of applying a verification algorithm to compare
the first printer key hash with the second printer key hash, for
verifying the authenticity of the retrieved printer public key; and
a print data encrypting step of applying an encryption algorithm to
print data using the retrieved printer public key, in the case that
the authenticity of the retrieved printer public key is verified, to
create encrypted print data for transmission to the printer.

22. A method for authentication of a printer public key 
received by a computing device, the method com- 
prising: 

a first receiving step of receiving in the comput- 
ing device a printer public key corresponding to 
a printer; 

a hashing step of applying a hashing algorithm 
to the printer public key to create a first printer 
key hash; 

a second receiving step of receiving in the com- 
puting device a predetermined second printer 
key hash obtained from a test page printed by 
the printer, wherein the second printer key hash 
is input into the computing device by a user- 
input means connected to the computing de- 
vice; 

a verification step of applying a verification al- 
gorithm to compare the first printer key hash 
with the second printer key hash, for verifying 
the authenticity of the received printer public 
key; and 

a storing step of storing, in the case that the 
authenticity of the received printer public key is 
verified in the verification step, the received 
printer public key in a memory area of the com- 
puting device. 

23. A computing device for authenticating a public key for encryption
of data, said computing device comprising:

a program memory for storing process steps executable to perform a
method according to any of Claims 1 to 22; and
a processor for executing the process steps stored in said program
memory.

24. Computer-executable process steps stored on a computer readable
medium, said computer-executable process steps for authenticating a
public key for encryption of data, said computer-executable process
steps comprising process steps executable to perform a method
according to any of Claims 1 to 22.

25. A computer-readable medium which stores computer-executable
process steps, the computer-executable process steps to authenticate a
public key for encryption of data, said computer-executable process
steps comprising process steps executable to perform a method
according to any of Claims 1 to 22.

26. An information apparatus which transmits encrypted data to a
target device, the information apparatus securely storing a public key
for encryption of the data and utilizing a user-specific key pair
which is securely stored in the apparatus, comprising:

receiving means for receiving a target public key corresponding to a
target device;
obtaining means for obtaining a user-specific key pair from a secure
registry;
key encrypting means for using a user-specific private key from the
user-specific key pair to create a target key verifier based on the
target public key;
storing means for storing the target key verifier and the target
public key;
retrieving means for retrieving the target key verifier and the target
public key from the storage means;
verification means for applying a user-specific public key from the
user-specific key pair to the target key verifier for verifying the
authenticity of the target public key; and
data encrypting means for encrypting data with the target public key,
in the case that the authenticity of the target public key is
verified, thereby creating encrypted data for transmission to the
target device.

27. An information apparatus which transfers encrypted print data to a
printer, the apparatus comprising:

retrieving means for retrieving a public key from said printer;
generating means for generating verification information from the
public key;
recognizing means for recognizing a printing instruction;
verification means for verifying, in response to the recognition of
the printing instruction, that the public key is not changed from the
retrieved public key; and
control means for controlling encryption processing which is performed
by using said public key when the retrieved public key is verified as
unchanged, and which is not performed when the retrieved public key is
verified as changed.

28. An information apparatus according to Claim 27, further
comprising:

obtaining means for obtaining a user specific key stored in a
computer;
input means for inputting authentication information; and
determining means for determining whether to allow the obtaining means
to obtain the user specific key.

29. An information apparatus according to Claim 27, wherein said
control means controls the encryption processing to encrypt the print
data by using a user specific key obtained by an obtaining means and
to encrypt the user specific key by using the public key.

30. An information processing method for transferring encrypted print
data to a printer, the method comprising:

a retrieving step of retrieving a public key from said printer;
a generating step of generating verification information from the
public key;
a recognizing step of recognizing a printing instruction;
a verification step of verifying, in response to the recognition of
the printing instruction, that the public key is not changed from the
retrieved public key; and
a control step of controlling encryption processing which is performed
by using said public key when the retrieved public key is verified as
unchanged, and which is not performed when the retrieved public key is
verified as changed.

31. An information processing method according to Claim 30, further
comprising:

an obtaining step of obtaining a user specific key stored in a
computer;
an input step of inputting authentication information; and
a determining step of determining whether to allow the obtaining step
to obtain the user specific key.



32. An information processing method according to Claim 30, wherein
said control step controls the encryption processing to encrypt the
print data by using a user specific key obtained by an obtaining step
and to encrypt the user specific key by using the public key.